Wednesday, May 23, 2007

Daily Highlights

The Illinois Department of Financial and Professional Regulation is sending out letters to an estimated 300,000 licensees and applicants informing them of a potential compromise of their names, Social Security numbers, and other personal data. (See item 9)
·
The Associated Press reports the Transportation Security Administration has started using hand−held scanners to inspect bottled carry−on liquids for explosives at some of the nation's busiest airports. (See item 14)

Information Technology and Telecommunications Sector

30. May 22, IDG News Service — Microsoft tools keep bad Office files at bay. Microsoft released a pair of tools on Monday, May 21, that help protect computers from Office 2003 files containing malicious software code. Both tools, which were announced earlier this month, are designed to help defend against Office "zero−day" attacks, which take advantage of vulnerabilities before a patch is released by Microsoft. These type of attacks have become more common in recent months as attackers look for holes in Office to penetrate corporate networks. The first tool to defend against these attacks, called Microsoft Office Isolated Conversion Environment (MOICE), is meant to protect users running Office 2003 and 2007 Office. The tool does not work with other versions of Office. The second tool, called File Block Functionality for Microsoft Office 2003 and the 2007 Microsoft Office system, gives system administrators the ability to define which file types can and cannot be opened by users. This gives administrators the ability to block access to certain files when a specific threat arises, Microsoft said. Microsoft detailed MOICE and File Blocker in a security advisory, recommending that both tools be used to protect against malicious Office documents.
Microsoft Advisory: http://www.microsoft.com/technet/security/advisory/937696.ms px
Source: http://www.infoworld.com/article/07/05/22/ms−tools−keep−bad−office−files−at−bay_1.html

31. May 22, Washington Post — XM Satellite Radio hit by temporary outage. XM Satellite Radio was off the air for many subscribers Monday, May 21. The company experienced a technical problem that triggered an outage lasting most of the day, causing many listeners across the country to lose access to its programming. The company blamed a software glitch for the interruption and did not say how many listeners lost their connections.
Source: http://www.washingtonpost.com/wp−dyn/content/article/2007/05/21/AR2007052101515.html

32. May 21, eWeek — IronPort revamps security monitoring site. IronPort Systems has revised its Internet traffic monitoring Website, a resource for IT staffers searching for a real−time view into security threats. This Website provides e−mail administrators visibility into the e−mail and Web traffic coming into their networks and features a new graphical user interface company officials hope will make it easier than ever for every member of the Internet community to track spam trends, virus outbreaks, spyware and other Web−based threats. A free service, SenderBase.org can be used like a credit reporting service, providing comprehensive data that ISPs and companies can use to tell the difference between legitimate senders and attackers, IronPort officials said. Consumers, media and other parties can also use SenderBase to monitor threat activity and check their e−mail reputation scores, officials added.
SenderBase Website: http://www.senderbase.org/
Source: http://www.eweek.com/article2/0,1895,2134577,00.asp

33. May 21, Washington Technology — DHS calls for cybersecurity white papers. The Department of Homeland Security (DHS) is initiating an ambitious Cyber Security Research Development Center program that entails soliciting input from industry, government labs and academia on how to protect data against the latest threats and intrusions. The Science & Technology Directorate published a 43−page broad agency announcement seeking white papers on topics such as botnet and malware protection, composable and scaleable systems, cyber metrics, data visualization, routing security, process control security, real−time assessment, data anonymization and insider threat detection and management. White papers on technologies to address the threats and strengthen protections are due on June 27. Final proposals will be due on September 17.
Source: http://www.washingtontechnology.com/online/1_1/30696−1.html? topic=homeland

34. May 21, Information Week — The impending Internet address shortage. The coming shortage of Internet Protocol addresses on Monday, May 21, prompted the American Registry for Internet Numbers to call for a faster migration to the new Internet Protocol, IPv6. The current version of the Internet Protocol, IPv4, allows for over 4 billion Internet addresses. Only 19 percent of the IPv4 address space remains. Somewhere around 2012−2013, the last Internet address bloc will be assigned and the Internet will be full, in a manner of speaking. IPv6 promises some 16 billion−billion possible addresses.
Source: http://www.informationweek.com/news/showArticle.jhtml?articl eID=199700668

35. May 21, ComputerWorld — Office 2007 left unprotected in update snafu. Office 2007 users running Windows Vista may not have realized that their systems had not received several of this month's patches, Microsoft Corp. said last week when it acknowledged that its security update services had failed to deploy the fixes. "We have updated the detection logic for the May 8th security and non−security updates for Office 2007," said Mark Griesi, a program manager with the Microsoft Security Response Center (MSRC), in an entry on the team's blog. "In some cases, the original detection logic may not have offered the updates or the updates may not have been installed successfully on systems running Windows Vista," Griesi added. Only Vista users with Office 2007 on their hard drives who rely on Microsoft Update or Windows Server Update Services for patches were affected, Microsoft said. The updates that may not have been deployed two weeks ago included ones for Excel 2007 and Office 2007 in general.
MSRC Blog: http://blogs.technet.com/msrc/archive/2007/05/17/new−detection−logic−for−may−8th−office−2007−updates.aspx
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9020262&source=rss_topic85